VPN and SPI

VPN and SPI

VPN and SPI
VPN and SPI
2024-04-01 13:01:31 - last edited 3 weeks ago
Tags: #VPN #SPI
Model: EB810v  
Hardware Version: V1
Firmware Version: 0.4.0 3.0.0 v608b.0 Build 240122 Rel.66930n

Hi,

 

I have set up OpenVPN on my EB810V router. 

 

I find that it does not work. Although the VPN does connect, I find that I cannot access services on my internal network (e.g., HTTPS) when the SPI Firewall is enabled.

 

If I disable the SPI Firewall, the same services are accessible.

 

Is this a bug? Is there a workaround?

 

I do not feel safe leaving SPI switched off.

 

Thank you!

 

 

  0      
  0      
#1
Options
5 Reply
Re:VPN and SPI
2024-04-02 03:20:10

  @Bussiere 

 

Hi, EB810V is your OpenVPN Server, right? do you have Archer BE800 or not?

Please let us know your network topology and which device/service you are trying to access via the VPN, like https service of the EB810v itself, or https service of a client device within the EB810v LAN network?

 

In addition, EB810v is an ISP model actually, did you get it from your ISP? You could refer to this guide for a try: Why can’t I access or discover certain devices over VPN?

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer BE550 New Software Enhances System Stability and Optimizes MLO Network Stability. TL-WA3001 Supports EasyMesh, Speed Limit, Guest Network in AP Mode and/or Multi-SSID Mode. If you found the post or response helpful, please click Helpful. If an answer solves your problem, click "Recommended Solution" so that others can benefit from it.
  0  
  0  
#2
Options
Re:VPN and SPI
2024-04-02 05:11:01

 

@Sunshine 

 

Thank you for your response.

 

To answer the questions:

 

  • The EB810v is my OpenVPN Server.
  • I am assuming that the EB810v is similar or the same firmware as the BE800, please correct me if wrong. 
  • I got the EB810v from my ISP, Starhub.

 

Here is a diagram of the topology with an explanation of what happens when the SPI is on and what happens when the SPI is off. In a nutshell, SPI on = does not work, SPI off = works. This should not be the case.

 

Thank you for your help with this.

 

 

 

 

 

 

Sunshine wrote

  @Bussiere 

 

Hi, EB810V is your OpenVPN Server, right? do you have Archer BE800 or not?

Please let us know your network topology and which device/service you are trying to access via the VPN, like https service of the EB810v itself, or https service of a client device within the EB810v LAN network?

 

In addition, EB810v is an ISP model actually, did you get it from your ISP? You could refer to this guide for a try: Why can’t I access or discover certain devices over VPN?

 

  0  
  0  
#3
Options
Re:VPN and SPI
2024-04-02 05:11:58
Also, I tried the recommendations in the guide, and they did not solve the problem.
  0  
  0  
#4
Options
Re:VPN and SPI
2024-04-03 02:52:40

  @Bussiere 

 

Hi, since ping works fine when SFI Firewall is enabled, we could confirm that the VPN traffic is not blocked by the SPI Firewall.

Actually we've run similar tests on our end with other retailer version product and could confirm that accessing internal http/https server via VPN is working fine with SPI firewall enabled, so the issue in your case could be related to your internal servers.

Since EB810v is an ISP model, we community team don't have related information and cannot follow up, if you have any further questions, it is recommended to contact your ISP, if the issue is indeed with the product, the ISP should report to ISP models related support team.

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer BE550 New Software Enhances System Stability and Optimizes MLO Network Stability. TL-WA3001 Supports EasyMesh, Speed Limit, Guest Network in AP Mode and/or Multi-SSID Mode. If you found the post or response helpful, please click Helpful. If an answer solves your problem, click "Recommended Solution" so that others can benefit from it.
  0  
  0  
#5
Options
Re:VPN and SPI
2024-06-01 05:44:33 - last edited 2024-06-01 05:47:35

@Sunshine

 

I face the same issue and StarHub refers me to TP-Link. I suspect that it is either a feature that has been disabled or firmware bug. TP-LINK should have e a team handles with Starhub, can you help channel this issue to them?

  0  
  0  
#6
Options